puls-dev 0.2.1 → 0.2.2

package/dist/providers/gcp/cloudsql.js

@@ -0,0 +1,262 @@
+import { BaseBuilder } from "../../core/resource.js";
+import { gcpFetch, getProjectId, getRegion } from "./api.js";
+const SQL_BASE = "https://sqladmin.googleapis.com";
+const DB_PORT = {
+    postgres: 5432,
+    postgresql: 5432,
+    mysql: 3306,
+};
+function formatDatabaseVersion(engine, version) {
+    const eng = engine.toLowerCase();
+    if (eng === "postgres" || eng === "postgresql") {
+        return `POSTGRES_${version.split(".")[0]}`;
+    }
+    if (eng === "mysql") {
+        return `MYSQL_${version.replace(/\./g, "_")}`;
+    }
+    return `${engine.toUpperCase()}_${version}`;
+}
+export class GCPCloudSQLBuilder extends BaseBuilder {
+    _engine = "postgres";
+    _engineVersion = "16";
+    _tier = "db-f1-micro";
+    _storage = 10;
+    _username;
+    _password;
+    _dbName;
+    _publicAccess = false;
+    _region;
+    resolvedEndpoint = null;
+    resolvedPort = null;
+    resolvedConnectionName = null;
+    constructor(instanceId) {
+        super(instanceId);
+        this.discoveryPromise = this.discoverInstance();
+    }
+    engine(e) {
+        this._engine = e.engine;
+        this._engineVersion = e.version;
+        return this;
+    }
+    size(tier) {
+        this._tier = tier;
+        return this;
+    }
+    storage(gb) {
+        this._storage = gb;
+        return this;
+    }
+    credentials(username, password) {
+        this._username = username;
+        this._password = password;
+        return this;
+    }
+    database(name) {
+        this._dbName = name;
+        return this;
+    }
+    publicAccess(enabled = true) {
+        this._publicAccess = enabled;
+        return this;
+    }
+    region(reg) {
+        this._region = reg;
+        this.discoveryPromise = this.discoverInstance();
+        return this;
+    }
+    async discoverInstance() {
+        try {
+            const project = getProjectId();
+            const instanceId = this.name;
+            const res = await gcpFetch(SQL_BASE, `/v1/projects/${project}/instances/${instanceId}`);
+            if (res.state === "DELETED")
+                return null;
+            const primaryIp = res.ipAddresses?.find((ip) => ip.type === "PRIMARY")?.ipAddress;
+            this.resolvedEndpoint = primaryIp ?? null;
+            this.resolvedPort = DB_PORT[this._engine] ?? 5432;
+            this.resolvedConnectionName = res.connectionName ?? null;
+            return res;
+        }
+        catch (e) {
+            if (e.message?.includes("404") ||
+                e.message?.includes("403") ||
+                e.message?.includes("credentials not configured")) {
+                return null;
+            }
+            throw e;
+        }
+    }
+    async waitForOperation(opName, label) {
+        const project = getProjectId();
+        await this.waitFor(label, async () => {
+            const op = await gcpFetch(SQL_BASE, `/v1/projects/${project}/operations/${opName}`);
+            if (op.status === "DONE") {
+                if (op.error) {
+                    throw new Error(`Cloud SQL Operation failed: ${JSON.stringify(op.error)}`);
+                }
+                return true;
+            }
+            return false;
+        }, { intervalMs: 10_000, timeoutMs: 900_000 });
+    }
+    async deploy() {
+        const dryRun = this.isDryRunActive();
+        const project = getProjectId();
+        const location = this._region ?? getRegion();
+        const instanceId = this.name;
+        const port = DB_PORT[this._engine] ?? 5432;
+        console.log(`\n⚡ Finalizing GCP Cloud SQL Instance "${instanceId}"...`);
+        if (!this._username || !this._password) {
+            throw new Error(`[GCP.CloudSQL:${instanceId}] .credentials(username, password) is required`);
+        }
+        const existing = await this.discoveryPromise;
+        const targetDbVersion = formatDatabaseVersion(this._engine, this._engineVersion);
+        const targetAuthorizedNetworks = this._publicAccess
+            ? [{ value: "0.0.0.0/0", name: "internet" }]
+            : [];
+        if (dryRun) {
+            console.log(`   📝 [PLAN] ${existing ? "Update" : "Create"} Cloud SQL instance "${instanceId}" in ${location}`);
+            console.log(`      └─ Engine: ${this._engine} (${targetDbVersion})`);
+            console.log(`      └─ Tier: ${this._tier} | Disk: ${this._storage}GB`);
+            console.log(`      └─ Public Access: ${this._publicAccess ? "enabled" : "disabled"}`);
+            if (this._dbName) {
+                console.log(`      └─ Database to create: "${this._dbName}"`);
+            }
+            if (this._username && this._username !== "postgres" && this._username !== "root") {
+                console.log(`      └─ Custom user to create: "${this._username}"`);
+            }
+            this.resolvedEndpoint = "127.0.0.1";
+            this.resolvedPort = port;
+            this.resolvedConnectionName = `${project}:${location}:${instanceId}`;
+            return {
+                name: instanceId,
+                endpoint: this.resolvedEndpoint,
+                port: this.resolvedPort,
+                connectionName: this.resolvedConnectionName,
+            };
+        }
+        let needsUpdate = !existing;
+        if (existing) {
+            const existingSettings = existing.settings ?? {};
+            const existingNetworks = existingSettings.ipConfiguration?.authorizedNetworks ?? [];
+            const hasTierChange = existingSettings.tier !== this._tier;
+            const hasStorageChange = Number(existingSettings.dataDiskSizeGb ?? 0) < this._storage;
+            const hasNetworkChange = JSON.stringify(existingNetworks) !== JSON.stringify(targetAuthorizedNetworks);
+            needsUpdate = hasTierChange || hasStorageChange || hasNetworkChange;
+        }
+        const settings = {
+            tier: this._tier,
+            dataDiskSizeGb: String(this._storage),
+            ipConfiguration: {
+                ipv4Enabled: true,
+                authorizedNetworks: targetAuthorizedNetworks,
+            },
+        };
+        let currentInstance;
+        if (!existing) {
+            console.log(`🚀 Creating GCP Cloud SQL instance "${instanceId}" (takes several minutes)...`);
+            const op = await gcpFetch(SQL_BASE, `/v1/projects/${project}/instances`, {
+                method: "POST",
+                body: JSON.stringify({
+                    name: instanceId,
+                    databaseVersion: targetDbVersion,
+                    region: location,
+                    rootPassword: this._password,
+                    settings,
+                }),
+            });
+            await this.waitForOperation(op.name, `Instance creation "${instanceId}"`);
+            currentInstance = await gcpFetch(SQL_BASE, `/v1/projects/${project}/instances/${instanceId}`);
+        }
+        else if (needsUpdate) {
+            console.log(`🔄 Updating GCP Cloud SQL instance "${instanceId}"...`);
+            const op = await gcpFetch(SQL_BASE, `/v1/projects/${project}/instances/${instanceId}`, {
+                method: "PATCH",
+                body: JSON.stringify({ settings }),
+            });
+            await this.waitForOperation(op.name, `Instance update "${instanceId}"`);
+            currentInstance = await gcpFetch(SQL_BASE, `/v1/projects/${project}/instances/${instanceId}`);
+        }
+        else {
+            console.log(`✅ GCP Cloud SQL instance "${instanceId}" is up to date.`);
+            currentInstance = existing;
+        }
+        const primaryIp = currentInstance.ipAddresses?.find((ip) => ip.type === "PRIMARY")?.ipAddress;
+        this.resolvedEndpoint = primaryIp ?? null;
+        this.resolvedPort = port;
+        this.resolvedConnectionName = currentInstance.connectionName ?? null;
+        if (this._dbName) {
+            console.log(`   🗄️  Ensuring database "${this._dbName}" exists...`);
+            try {
+                await gcpFetch(SQL_BASE, `/v1/projects/${project}/instances/${instanceId}/databases`, {
+                    method: "POST",
+                    body: JSON.stringify({
+                        name: this._dbName,
+                        instance: instanceId,
+                        project,
+                    }),
+                });
+                console.log(`   ✅ Database "${this._dbName}" created.`);
+            }
+            catch (e) {
+                if (!e.message?.includes("409")) {
+                    throw e;
+                }
+                console.log(`   ✅ Database "${this._dbName}" already exists.`);
+            }
+        }
+        const defaultAdmin = this._engine === "postgres" ? "postgres" : "root";
+        if (this._username && this._username !== defaultAdmin) {
+            console.log(`   👤 Ensuring custom user "${this._username}" exists...`);
+            try {
+                await gcpFetch(SQL_BASE, `/v1/projects/${project}/instances/${instanceId}/users`, {
+                    method: "POST",
+                    body: JSON.stringify({
+                        name: this._username,
+                        password: this._password,
+                        instance: instanceId,
+                        project,
+                    }),
+                });
+                console.log(`   ✅ Custom user "${this._username}" created.`);
+            }
+            catch (e) {
+                if (!e.message?.includes("409")) {
+                    throw e;
+                }
+                console.log(`   ✅ Custom user "${this._username}" already exists.`);
+            }
+        }
+        await this.deploySidecars();
+        console.log(`🚀 Database available → ${this.resolvedEndpoint}:${this.resolvedPort}`);
+        return {
+            name: instanceId,
+            endpoint: this.resolvedEndpoint,
+            port: this.resolvedPort,
+            connectionName: this.resolvedConnectionName,
+        };
+    }
+    async destroy() {
+        const dryRun = this.isDryRunActive();
+        const project = getProjectId();
+        const instanceId = this.name;
+        console.log(`\n🗑️  Destroying GCP Cloud SQL Instance "${instanceId}"...`);
+        const existing = await this.discoverInstance();
+        if (!existing) {
+            console.log(`   ✅ Instance "${instanceId}" does not exist - nothing to do.`);
+            return { destroyed: instanceId };
+        }
+        if (dryRun) {
+            console.log(`   📝 [PLAN] Delete Cloud SQL instance "${instanceId}"`);
+            return { destroyed: instanceId };
+        }
+        console.log(`   🔄 Deleting Cloud SQL instance "${instanceId}"...`);
+        const op = await gcpFetch(SQL_BASE, `/v1/projects/${project}/instances/${instanceId}`, {
+            method: "DELETE",
+        });
+        await this.waitForOperation(op.name, `Instance deletion "${instanceId}"`);
+        console.log(`   ✅ Instance "${instanceId}" deleted.`);
+        await this.destroySidecars();
+        return { destroyed: instanceId };
+    }
+}

package/dist/providers/gcp/cloudsql.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/providers/gcp/cloudsql.test.js

@@ -0,0 +1,295 @@
+import { test, describe, beforeEach, afterEach, mock } from "node:test";
+import assert from "node:assert";
+import { GoogleAuth } from "google-auth-library";
+import { GCPCloudSQLBuilder } from "./cloudsql.js";
+import { Config } from "../../core/config.js";
+describe("GCPCloudSQLBuilder Unit Tests", () => {
+    let originalFetch;
+    let fetchCalls = [];
+    let mockResponses = {};
+    beforeEach(() => {
+        Config.set({
+            dryRun: false,
+            providers: {
+                gcp: {
+                    projectId: "my-gcp-project",
+                    serviceAccountPath: "/fake/sa.json",
+                    region: "us-central1",
+                },
+            },
+        });
+        originalFetch = globalThis.fetch;
+        fetchCalls = [];
+        mockResponses = {};
+        globalThis.fetch = async (input, init) => {
+            const url = String(input);
+            const method = init?.method ?? "GET";
+            let body;
+            if (init?.body) {
+                if (typeof init.body === "string") {
+                    try {
+                        body = JSON.parse(init.body);
+                    }
+                    catch {
+                        body = init.body;
+                    }
+                }
+                else {
+                    body = "[Binary/Buffer Body]";
+                }
+            }
+            const headers = init?.headers;
+            fetchCalls.push({ url, method, body, headers });
+            const matchKey = Object.keys(mockResponses)
+                .filter((key) => {
+                const [mMethod, mPath] = key.split(" ");
+                return method === mMethod && url.includes(mPath);
+            })
+                .sort((a, b) => b.split(" ")[1].length - a.split(" ")[1].length)[0];
+            if (matchKey) {
+                const resp = mockResponses[matchKey];
+                return {
+                    ok: resp.status >= 200 && resp.status < 300,
+                    status: resp.status,
+                    json: async () => resp.body,
+                    text: async () => JSON.stringify(resp.body),
+                };
+            }
+            return {
+                ok: false,
+                status: 404,
+                json: async () => ({ message: `Endpoint not mocked: ${method} ${url}` }),
+                text: async () => `Endpoint not mocked: ${method} ${url}`,
+            };
+        };
+        mock.method(GoogleAuth.prototype, "getClient", async () => {
+            return {
+                getAccessToken: async () => ({ token: "fake-gcp-token" }),
+            };
+        });
+    });
+    afterEach(() => {
+        globalThis.fetch = originalFetch;
+        mock.restoreAll();
+    });
+    test("fluent builder api sets properties correctly", () => {
+        const builder = new GCPCloudSQLBuilder("my-db")
+            .engine({ engine: "postgres", version: "15" })
+            .size("db-custom-2-7680")
+            .storage(50)
+            .credentials("db_user", "db_pass")
+            .database("my_app_db")
+            .publicAccess(true)
+            .region("us-east4");
+        assert.strictEqual(builder._engine, "postgres");
+        assert.strictEqual(builder._engineVersion, "15");
+        assert.strictEqual(builder._tier, "db-custom-2-7680");
+        assert.strictEqual(builder._storage, 50);
+        assert.strictEqual(builder._username, "db_user");
+        assert.strictEqual(builder._password, "db_pass");
+        assert.strictEqual(builder._dbName, "my_app_db");
+        assert.strictEqual(builder._publicAccess, true);
+        assert.strictEqual(builder._region, "us-east4");
+    });
+    test("runs in dry-run mode safely and logs plans", async () => {
+        Config.set({
+            dryRun: true,
+            providers: {
+                gcp: {
+                    projectId: "my-gcp-project",
+                    serviceAccountPath: "/fake/sa.json",
+                    region: "us-central1",
+                },
+            },
+        });
+        const builder = new GCPCloudSQLBuilder("dry-run-db")
+            .credentials("root", "secretpwd")
+            .engine({ engine: "mysql", version: "8.0" })
+            .size("db-f1-micro")
+            .storage(15);
+        const result = await builder.deploy();
+        assert.strictEqual(result.name, "dry-run-db");
+        assert.strictEqual(result.endpoint, "127.0.0.1");
+        assert.strictEqual(result.port, 3306);
+        assert.strictEqual(result.connectionName, "my-gcp-project:us-central1:dry-run-db");
+        // No write calls should be sent in dry-run mode
+        const writeCalls = fetchCalls.filter((c) => c.method !== "GET");
+        assert.strictEqual(writeCalls.length, 0);
+    });
+    test("creates a new instance, database, and custom user when missing", async () => {
+        // 1. Stateful mock for GET /instances/new-db: returns 404 on discovery, 200 after creation
+        mockResponses["GET /instances/new-db"] = {
+            get status() {
+                const getCalls = fetchCalls.filter((c) => c.method === "GET" && c.url.includes("/instances/new-db"));
+                return getCalls.length <= 1 ? 404 : 200;
+            },
+            get body() {
+                const getCalls = fetchCalls.filter((c) => c.method === "GET" && c.url.includes("/instances/new-db"));
+                if (getCalls.length <= 1)
+                    return { message: "Not found" };
+                return {
+                    name: "new-db",
+                    connectionName: "my-gcp-project:us-central1:new-db",
+                    ipAddresses: [{ type: "PRIMARY", ipAddress: "35.200.10.20" }],
+                    settings: {
+                        tier: "db-f1-micro",
+                        dataDiskSizeGb: "20",
+                    },
+                };
+            },
+        };
+        // 2. Mock POST (create instance)
+        mockResponses["POST /instances"] = {
+            status: 200,
+            body: { name: "op-create-123", status: "PENDING" },
+        };
+        // 3. Mock GET (poll operation status until DONE)
+        mockResponses["GET /operations/op-create-123"] = {
+            status: 200,
+            body: { status: "DONE" },
+        };
+        // 5. Mock POST (create database)
+        mockResponses["POST /instances/new-db/databases"] = {
+            status: 201,
+            body: {},
+        };
+        // 6. Mock POST (create custom user)
+        mockResponses["POST /instances/new-db/users"] = {
+            status: 201,
+            body: {},
+        };
+        const builder = new GCPCloudSQLBuilder("new-db")
+            .engine({ engine: "postgres", version: "16" })
+            .size("db-f1-micro")
+            .storage(20)
+            .credentials("custom_admin", "securepwd")
+            .database("custom_db")
+            .publicAccess(false);
+        const result = await builder.deploy();
+        assert.strictEqual(result.name, "new-db");
+        assert.strictEqual(result.endpoint, "35.200.10.20");
+        assert.strictEqual(result.port, 5432);
+        assert.strictEqual(result.connectionName, "my-gcp-project:us-central1:new-db");
+        // Verify correct calls were made
+        const postInstances = fetchCalls.find((c) => c.method === "POST" && c.url.endsWith("/instances"));
+        assert.ok(postInstances);
+        assert.strictEqual(postInstances.body.name, "new-db");
+        assert.strictEqual(postInstances.body.databaseVersion, "POSTGRES_16");
+        assert.strictEqual(postInstances.body.rootPassword, "securepwd");
+        assert.strictEqual(postInstances.body.settings.dataDiskSizeGb, "20");
+        const postDB = fetchCalls.find((c) => c.method === "POST" && c.url.includes("/databases"));
+        assert.ok(postDB);
+        assert.strictEqual(postDB.body.name, "custom_db");
+        const postUser = fetchCalls.find((c) => c.method === "POST" && c.url.includes("/users"));
+        assert.ok(postUser);
+        assert.strictEqual(postUser.body.name, "custom_admin");
+        assert.strictEqual(postUser.body.password, "securepwd");
+    });
+    test("patches instance when configuration storage or tier differs", async () => {
+        // 1. Mock GET (discovery) returns existing instance with 10GB and different tier
+        mockResponses["GET /instances/patch-db"] = {
+            status: 200,
+            body: {
+                name: "patch-db",
+                connectionName: "my-gcp-project:us-central1:patch-db",
+                ipAddresses: [{ type: "PRIMARY", ipAddress: "35.200.10.20" }],
+                settings: {
+                    tier: "db-f1-micro",
+                    dataDiskSizeGb: "10",
+                },
+            },
+        };
+        // 2. Mock PATCH (update settings)
+        mockResponses["PATCH /instances/patch-db"] = {
+            status: 200,
+            body: { name: "op-patch-123", status: "PENDING" },
+        };
+        // 3. Mock GET (poll operation status until DONE)
+        mockResponses["GET /operations/op-patch-123"] = {
+            status: 200,
+            body: { status: "DONE" },
+        };
+        const builder = new GCPCloudSQLBuilder("patch-db")
+            .engine({ engine: "postgres", version: "16" })
+            .size("db-custom-2-7680") // changed tier!
+            .storage(30) // increased storage!
+            .credentials("postgres", "securepwd");
+        const result = await builder.deploy();
+        assert.strictEqual(result.name, "patch-db");
+        // Verify PATCH was called
+        const patchCalls = fetchCalls.filter((c) => c.method === "PATCH");
+        assert.strictEqual(patchCalls.length, 1);
+        assert.strictEqual(patchCalls[0].body.settings.tier, "db-custom-2-7680");
+        assert.strictEqual(patchCalls[0].body.settings.dataDiskSizeGb, "30");
+    });
+    test("skips patch if instance configuration is identical", async () => {
+        // 1. Mock GET (discovery) returns identical settings
+        mockResponses["GET /instances/ident-db"] = {
+            status: 200,
+            body: {
+                name: "ident-db",
+                connectionName: "my-gcp-project:us-central1:ident-db",
+                ipAddresses: [{ type: "PRIMARY", ipAddress: "35.200.10.20" }],
+                settings: {
+                    tier: "db-f1-micro",
+                    dataDiskSizeGb: "10",
+                    ipConfiguration: {
+                        authorizedNetworks: [],
+                    },
+                },
+            },
+        };
+        const builder = new GCPCloudSQLBuilder("ident-db")
+            .engine({ engine: "postgres", version: "16" })
+            .size("db-f1-micro")
+            .storage(10)
+            .credentials("postgres", "securepwd")
+            .publicAccess(false);
+        const result = await builder.deploy();
+        assert.strictEqual(result.name, "ident-db");
+        // Assert NO write calls for instances (POST or PATCH) occurred
+        const writeCalls = fetchCalls.filter((c) => c.method === "PATCH" ||
+            (c.method === "POST" && c.url.endsWith("/instances")));
+        assert.strictEqual(writeCalls.length, 0);
+    });
+    test("destroys an existing instance successfully", async () => {
+        // 1. Mock GET (discovery on destroy) returns existing instance
+        mockResponses["GET /instances/to-delete-db"] = {
+            status: 200,
+            body: {
+                name: "to-delete-db",
+                connectionName: "my-gcp-project:us-central1:to-delete-db",
+            },
+        };
+        // 2. Mock DELETE
+        mockResponses["DELETE /instances/to-delete-db"] = {
+            status: 200,
+            body: { name: "op-delete-123", status: "PENDING" },
+        };
+        // 3. Mock GET (poll operation status until DONE)
+        mockResponses["GET /operations/op-delete-123"] = {
+            status: 200,
+            body: { status: "DONE" },
+        };
+        const builder = new GCPCloudSQLBuilder("to-delete-db");
+        const result = await builder.destroy();
+        assert.deepStrictEqual(result, { destroyed: "to-delete-db" });
+        // Verify DELETE was called
+        const deleteCalls = fetchCalls.filter((c) => c.method === "DELETE");
+        assert.strictEqual(deleteCalls.length, 1);
+        assert.strictEqual(deleteCalls[0].url.includes("/instances/to-delete-db"), true);
+    });
+    test("destroy does nothing when instance does not exist", async () => {
+        // Mock GET returned 404
+        mockResponses["GET /instances/not-exist-db"] = {
+            status: 404,
+            body: { message: "Not found" },
+        };
+        const builder = new GCPCloudSQLBuilder("not-exist-db");
+        const result = await builder.destroy();
+        assert.deepStrictEqual(result, { destroyed: "not-exist-db" });
+        // Verify no DELETE was called
+        const deleteCalls = fetchCalls.filter((c) => c.method === "DELETE");
+        assert.strictEqual(deleteCalls.length, 0);
+    });
+});

package/dist/providers/gcp/iam.d.ts

@@ -0,0 +1,38 @@
+import { BaseBuilder } from "../../core/resource.js";
+import { Output } from "../../core/output.js";
+export declare class GCPServiceAccountBuilder extends BaseBuilder {
+    readonly out: {
+        email: Output<string>;
+        name: Output<string>;
+    };
+    private _displayName?;
+    private _description?;
+    constructor(accountId: string);
+    get email(): string;
+    displayName(name: string): this;
+    description(desc: string): this;
+    private discoverServiceAccount;
+    deploy(): Promise<{
+        email: string;
+        name: string;
+    }>;
+    destroy(): Promise<{
+        destroyed: string;
+    }>;
+}
+export declare class GCPIAMBindingBuilder extends BaseBuilder {
+    private _role;
+    private _members;
+    constructor(name: string);
+    role(name: string): this;
+    member(m: string | GCPServiceAccountBuilder | Output<string>): this;
+    members(...m: (string | GCPServiceAccountBuilder | Output<string>)[]): this;
+    private resolveMembers;
+    deploy(): Promise<{
+        role: string;
+        bound: string[];
+    }>;
+    destroy(): Promise<{
+        destroyed: string;
+    }>;
+}